7-year Android Malware Campaign Targeted Uyghurs: Report

First discovered by Palo Alto Networks back in 2016, the “Scarlet Mimic” group was initially spotted targeting Uyghur and Tibetan rights activists.

A long-running surveillance and espionage campaign targeting one of China's largest ethnic minority groups has been revealed by researchers. Palo Alto Networks discovered the "Scarlet Mimic" group in 2016, which was initially spotted targeting Uyghur and Tibetan rights activists. 

Although the Chinese government has long oppressed and spied on these and other minority groups in the country, the group's activity has not been directly attributed to Beijing. Check Point explained in a new report this week that Scarlet Mimic's mobile malware dates back to 2015.

Check Point has since identified 20 variants of the MobileOrder Android spyware, the most recent of which was discovered in mid-August this year.

“The malware is relatively unsophisticated from a technical standpoint. However, its capabilities allow the attackers to easily steal sensitive data from the infected devices, even perform calls or send an SMS and track their location in real-time,” said Check Point.

“This makes it a powerful and dangerous surveillance tool. This tool also allows audio recording of incoming and outgoing calls, as well as surround recording.”

The malware is hidden in applications with Uyghur-language titles, with the payload disguised as a PDF document, photo or audio file. According to Check Point, it is distributed through social engineering rather than the Google Play Store, so victims have to be persuaded to install it from outside the official store.

“When the victim opens the decoy content, the malware begins to perform extensive surveillance actions in the background. These include stealing sensitive data such as the device information, SMS messages, the device location, and files stored on the device,” the report continued.

“The malware is also capable of actively executing commands to run a remote shell, take photos, perform calls, manipulate the SMS, call logs and local files, and record the surround sound.”
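As an added example (editor's code, not from Check Point's report or from the MobileOrder sample), the following triage script reads an AndroidManifest.xml and checks whether an app that presents itself as a document or media viewer declares the permission cluster needed for the surveillance functions listed above: SMS, location, calls and call logs, audio recording, camera, file access and device information. The capability-to-permission table, the threshold and the two sample manifests are assumptions and constructed inputs; the report does not publish MobileOrder's manifest or permission list.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the surveillance functions the report lists for MobileOrder
# (SMS theft and manipulation, location tracking, placing calls and reading call
# logs, call and surround recording, taking photos, stealing files and device
# information) to the Android permissions an app must declare to do them. Check
# Point's report does not publish the malware's manifest, so this table is an
# editor's assumption used for triage, not an indicator taken from the report.
CAPABILITY_PERMISSIONS = {
    "sms": {
        "android.permission.READ_SMS",
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
    },
    "location": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
    "calls": {
        "android.permission.CALL_PHONE",
        "android.permission.READ_CALL_LOG",
        "android.permission.WRITE_CALL_LOG",
    },
    "audio": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
    "files": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
    "device_info": {"android.permission.READ_PHONE_STATE"},
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return the <uses-permission android:name="..."> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def surveillance_capabilities(manifest_xml: str) -> set[str]:
    """Map the declared permissions back to the capability groups above."""
    perms = declared_permissions(manifest_xml)
    return {cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed}


def triage(manifest_xml: str, threshold: int = 4) -> dict:
    """Flag an app whose permissions cover at least `threshold` capability groups.

    A genuine PDF, photo or audio viewer rarely needs more than storage access,
    so a viewer-style app that also asks for SMS, calls, microphone, camera and
    location deserves a closer look before it is installed.
    """
    caps = surveillance_capabilities(manifest_xml)
    return {"capabilities": sorted(caps), "suspicious": len(caps) >= threshold}


# Constructed sample manifests (not real apps and not from the report): a plain
# viewer, and a "viewer" carrying the full surveillance permission cluster.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.viewer.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="PDF Viewer"/>
</manifest>
"""

SPYWARE_LIKE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.viewer.suspicious">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="PDF Viewer"/>
</manifest>
"""

if __name__ == "__main__":
    for name, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SPYWARE_LIKE_MANIFEST)):
        print(name, triage(manifest))
```

Decode the manifest out of a real APK first (for example with `apktool d app.apk`; the decoded AndroidManifest.xml is plain XML), then pass it to `triage`. A declared permission only shows what an app is allowed to do, not what it does, so treat a hit as a reason to look at the code and the app's install source, not as a verdict.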

Check Point advised anyone who might be a victim of this campaign to install anti-malware software on their device, use a VPN, and avoid clicking on suspicious links.

"Scarlet Mimic seems to be a politically motivated group. In the past, there have been reports from other researchers that it could be linked to China,” the vendor concluded.

“If true, it would make these surveillance operations part of a much wider issue, as this minority group has reportedly been on the receiving end of attacks for many years.”

This week, Beijing is on the defensive at the United Nations after a long-awaited report from the UN Human Rights Office confirmed evidence of serious human rights violations against Uyghur and other ethnic minority groups in Xinjiang.